Senior DevSecOps | Application Security Specialist
Senior DevSecOps | Application Security Specialist
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
The future of insurance starts with AI. To date Shift Technologys AIpowered products have benefitted more than 300 million policyholders globally by reducing underwriting risk identifying more fraud and automating critical tasks throughout the claims process. Shift harnesses the power of AI to enable the worlds leading insurance organizations to make better decisions. Our products help insurers improve operational efficiency reduce costs and deliver superior customer experiences to their policyholders. Our culture is built on innovation trust and a drive to transform the insurance industry by imagining and innovating solutions that impact insurers and their customers like you! We come from more than 50 different countries and cultures and together we are creating the future of insurance.
The security team is a critical component of Shift Technology as no organization is immune to cybercrime. The team is responsible for protecting information throughout the security infrastructure edge devices networks and data. We strive to stay up to date with the latest tactics hackers are employing in the field in order to prevent data breaches by monitoring and reacting to attacks but the first step is finding the most qualified professionals to lead the way.
What youll do...
As a Sr. Application Security Engineer within Shift you will own maintain and promote the security tools of the SDLC CI/CD pipeline continuously test (manually and automatically) and monitor software security from design to production supervise part of the SOC. Youll join a team and a company where you can own and drive and progress your career to the next level. As part of the information security department this role reports to the CISO.
RESPONSIBILITIES
- Working with data scientists and software delivery teams to ensure technical security standards and architectures are well understood and best practices are followed so the software is developed with Security and Privacy by Design and by Default in mind.
- Raise the awareness of our developers about security best practices
- Automation of security testing (SAST DAST SCA Vulnerability management threat modelling etc.) and acquaintance with relevant tooling eg. Github Advance Security Veracode Snyk ThreatAgile ZAP Burp Bug Bounty etc.
- Interest in Data Science Engineering and ML Security on Azure and AWS.
- Ownership of the Application Security Chapters by defining technical policies standards and guidelines for security relating to software development and championing these through the organisation.
- Working with engineering leads on identified security risks and software vulnerability.
- Operate a software vulnerability management program.
- Understanding/Knowledge of main development language frameworks (C# Java React Python etc)
- Occasional security auditing of software developed by the company and its partners.
- Oversee security managed services and outsourced security capabilities
- Create maintain and execute appropriate incident response processes to enable timely escalation containment and recovery of cyber security events
- Work with other teams to identify recurring patterns and propose strategic actions to reduce risk
- Provide clear concise and easily consumable communication with key technical and nontechnical stakeholders so that incidents are understood and appropriately addressed
- Ensure accurate and clear communication with all stakeholders
- Provide appropriate KPIs and KRIs to key stakeholders
- Technical liaison with third parties on application security related discussions related to security.
- Promote a mindset of developing secure systems transferring knowledge of security standards / processes and acting as a subject matter expert (SME)
SKILLS & BACKGROUND
- 5 years experience with a degree in Computer Science IT Systems Engineering or a related qualification.
- Familiarity with applicable standards methods models and approaches (OWASP CWEs MITRE threat modeling etc.).
- Knowledge of scripting language (Python Ruby Rust etc.).
- Strong knowledge of API and Web Apps security.
- Collaboration Engagement with the tech teams and other stakeholders especially in a remote setting.
- Good understanding of software security principles and best practices.
- Excellent communication skills; comfortable to represent the cyber security team at all levels of the organisation and with partners and vendors.
- Good awareness of cybersecurity trends.
- Strong attention to detail a can do attitude and an analytical mind and outstanding problem solving
Recruitment Process
- TA Interview
- Security team interview
- Technical interview
- CISO interview
- CTO interview
#LIRH1 #LIHYBRID
#LIONSITE #LIHYBRID
To support our permanent full time employees at every stage of their careers and lives we provide a competitive total rewards and benefits package. Here are the global benefits wed like to highlight:
- Flexible remote and hybrid working options
- Competitive Salary and a variable component tied to personal and company performance
- Company equity
- Focus Fridays a halfday each month to focus on learning and personal growth
- Generous PTO and paid holidays
- Mental health benefits
- 2 MAD Days per year (Make A Difference Days for paid volunteering)
Additional benefits may be offered by country ask your recruiter for more information. Intern and Apprentice position are eligible for some of these benefits ask your recruiter for more details.
At Shift we strive to be a diverse and inclusive workforce. We welcome applications from and hire people who will contribute to the diversity of our companywithout regard to race color religion marital status age national or ethnic origin physical or mental disability medical condition pregnancy genetic information gender identity or expression sexual orientation or other nonmerit criteria.
Shift Technology is committed to providing reasonable accommodations for qualified individuals with disabilities in our application and employment process. Should you require accommodation please email and we will work with you to meet your accessibility needs.
Please be aware of scammers and only trust correspondence that comes from emails ending in
Shift Technology does not accept unsolicited CVs from recruiters or employment agencies in response to the Shift Technology Careers page or a Shift Technology social media post. Any unsolicited CVs including those submitted directly to hiring managers are deemed to be the property of Shift Technology.
Required Experience:
Senior IC
Employment Type
Full Time
